GHSA-477r-v22q-r42f

Source

https://github.com/advisories/GHSA-477r-v22q-r42f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-477r-v22q-r42f/GHSA-477r-v22q-r42f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-477r-v22q-r42f

Aliases

CVE-2017-1000088

Published

2022-05-17T00:29:00Z

Modified

2024-02-18T05:32:30.097131Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin

Details

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.

Database specific

{
    "nvd_published_at": "2017-10-05T01:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T22:36:17Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:sidebar-link

Package

Name: org.jenkins-ci.plugins:sidebar-link; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/sidebar-link

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9

Affected versions

1.*

1.6

1.7

1.8

Database specific

{
    "last_known_affected_version_range": "<= 1.8"
}